Digital data communications may be provided between two computing devices (such as a client device and a server device) over a data network (such as the Internet). Accordingly, some form of authentication may be used to protect against unauthorized data transfer. For example, a client device may request data from a server device, and the server device may require authentication of the client device and/or a credential for the client device before providing the requested data.
Authentication may be provided, for example, by assigning a username and password to the client device with the username and password being known to the server device. Upon the client device requesting data from the server device, the server device may request the username and password for the client device. The data transfer may be allowed to proceed if the correct combination of username and password is provided by the client device. If the correct combination of username and password is not provided by the client device, the server device may block the requested data transfer. A username/password may thus serve as a credential used to authenticate a client device wherein the username/password is assigned by one of the client device and/or the server device.
Authentication of the client device may also be provided using a certificate. A certificate is a digital document that vouches for the identity and ownership of an individual, a computer system, a specific server running on that system, or an organization. For example, a certificate of a user and/or a computing device may verify that a particular public key is assigned to the user and/or computing device. The X.509 standard is one of many standards that define what information can go into a certificate and describe the data format of that information. A trusted third party may issue certificates to authenticated persons and/or client devices, and the trusted third party may validate certificates presented by a server device. Digital certificates are discussed, for example, in U.S. Pat. No. 6,775,782 entitled System And Method For Suspending And Resuming Digital Certificates In A Certificate-Based User Authentication Application System. Digital certificates are also discussed in U.S. Pat. No. 6,823,452 entitled Providing End-To-End User Authentication For Host Access Using Digital Certificates. The disclosures of both of these patents are hereby incorporated herein in their entirety by reference. A digital certificate may thus serve as a credential used to authenticate a client device wherein the digital certificate is assigned by a third party certification authority.
Authentication of the client device may be provided using other network authentication standards such as Kerberos. The Kerberos network authentication standard is discussed, for example, in the reference by B. Clifford Neuman, et al. entitled Kerberos: An Authentication Service For Computer Networks, USC/ISI Technical Report number ISI/RS-94-399, IEEE Communications Magazine, Vol. 32, No. 9, pages 33-38, September 1994. The disclosure of the Neuman et al. reference is hereby incorporated herein in its entirety by reference. According to the Kerberos standard, a secure token is issued by a third party certification authority for a single use.
Authentication of the client device may be provided using still other network authentication standards such as a secure ID token standard. A secure ID token standard uses individually registered devices that generate single-use passcodes (tokens) which change based on a time code algorithm. A secure ID token standard is discussed, for example, in Extending SSH Authentication Protocol With RSA Secure ID, California Software Laboratories (http://www.cswl.com/whiteppr/white/ssh.html).